CVE-2026-8326
CRITICALRemote Spark SparkView Path Traversal in RDP Drive Redirection leading to RCE
Title source: cnaDescription
Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker. This issue affects SparkView: before build 1127.
References (1)
Core 1
Core References
Release Notes release-notes
https://www.remotespark.com/view/new.html
Scores
CVSS v4
10.0
EPSS
0.0038
EPSS Percentile
29.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-23
Status
published
Products (1)
Remote Spark (https://www.remotespark.com/)/SparkView
< build 1127
Published
May 29, 2026
Tracked Since
May 29, 2026